All geek questions in one place

Duplicate registration for springSecurityFilterChain when deploying to tomcat outside eclipse

I'm a little new to spring and still messed up in all configurations. I went through several different lessons, and it looks like everything is different. I have a spring application that works fine through Eclipse using the tomcat plugin. However, when exporting a war file to tomcat, tomcat itself does not start and throws

SEVERE: ContainerBase.addChild: start org.apache.catalina.LifecycleException: component failed to start

Called: java.lang.IllegalStateException: Register duplicate filter for 'springSecuirtyFilterChain'. Make sure that the filter is configured only once!

See the figure for a complete stack trace.

After commenting out springSecurityFilterChain in web.xml, regardless of whether the dataSource is auto-sensing or not giving one or two errors.

  • If the dataSource is autwired, I just get the error bean securityConfig failed and there is no bean found for the dependency.

  • If I leave the dataSource non-auto-level (for example, the code I use in Eclipse), then I get an IllegalArgumentException: the dataSource property is required.

Also, in order not to get the multiple error of the ContextLoader definition, I have to comment on the ContextLoaderListener in the web xml.

From what I saw, the problem is using xml and java for configurations, but I can’t pinpoint what is wrong.

I found a similar question, but could not solve my problem. Where can I define a `springSecurityFilterChain` bean? Adding a bean class pointing to my securityConfig placed in spring -security.xml did not help.

Thanks!

full stack trace image

Below is the code that works great when working in Eclipse.

web.xml

<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> <!-- Spring MVC --> <servlet> <servlet-name>mvc-dispatcher</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet> <servlet-name>InitServlet</servlet-name> <servlet-class>servlet.InitServlet</servlet-class> <init-param> <param-name>configfile</param-name> </init-param> <load-on-startup>2</load-on-startup> </servlet> <servlet> <servlet-name>AdminServlet</servlet-name> <servlet-class>servlet.admin.AdminServlet</servlet-class> <load-on-startup>3</load-on-startup> </servlet> <servlet> <servlet-name>UserServlet</servlet-name> <servlet-class>servlet.user.UserServlet</servlet-class> <load-on-startup>4</load-on-startup> </servlet> <servlet> <servlet-name>SignupUserServlet</servlet-name> <servlet-class>servlet.user.SignupUserServlet</servlet-class> <load-on-startup>5</load-on-startup> </servlet> <servlet> <servlet-name>ReceiveFile</servlet-name> <servlet-class>servlet.user.ReceiveFile</servlet-class> <load-on-startup>6</load-on-startup> </servlet> <servlet-mapping> <servlet-name>mvc-dispatcher</servlet-name> <url-pattern>/pages/*</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>AdminServlet</servlet-name> <url-pattern>/AdminServlet</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>UserServlet</servlet-name> <url-pattern>/UserServlet</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>SignupUserServlet</servlet-name> <url-pattern>/SignupUserServlet</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>ReceiveFile</servlet-name> <url-pattern>/ReceiveFile</url-pattern> </servlet-mapping> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/spring-security.xml, /WEB-INF/spring-database.xml </param-value> </context-param> <!-- Spring Security --> <!-- This is to allow enctype="multipart/form-data" to upload and not throw an access denied page. See bottom of http://docs.spring.io/spring-security/site/docs/3.2.0.CI-SNAPSHOT/reference/html/csrf.html for more info.--> <filter> <filter-name>MultipartFilter</filter-name> <filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class> </filter> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>MultipartFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app>

SecuirtyConfig.java

 @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { DataSource dataSource; /* @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { // auth.inMemoryAuthentication().withUser("user").password("password").roles("USER"); } */ @Autowired public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception { auth.jdbcAuthentication().dataSource(dataSource) .usersByUsernameQuery("select username,password, enabled from test_users where username=?") .authoritiesByUsernameQuery("select username, role from test_user_roles where username=?"); } @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() .authorizeRequests() .antMatchers("/res/**").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/loginDatabase.html") .permitAll(); } }

Appconfig.java

 @EnableWebMvc @Configuration @ComponentScan({"security.spring"}) @Import({ SecurityConfig.class }) public class AppConfig { @Bean(name = "dataSource") public DriverManagerDataSource dataSource() { DriverManagerDataSource driverManagerDataSource = new DriverManagerDataSource(); driverManagerDataSource.setDriverClassName("com.mysql.jdbc.Driver"); driverManagerDataSource.setUrl("****"); driverManagerDataSource.setUsername("**"); driverManagerDataSource.setPassword("**"); return driverManagerDataSource; } @Bean public InternalResourceViewResolver viewResolver() { InternalResourceViewResolver viewResolver = new InternalResourceViewResolver(); viewResolver.setViewClass(JstlView.class); viewResolver.setPrefix("/WEB-INF/pages/"); viewResolver.setSuffix(".jsp"); return viewResolver; } }

spring -security.xml

 <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:context="http://www.springframework.org/schema/context" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> <context:component-scan base-package="spring.*" /> <!-- enable use-expressions --> <http auto-config="true" use-expressions="true"> <!-- login page must be available to all. The order matters, if this is after something which secures the page this will fail. --> <!-- <intercept-url pattern="/SignupUserServlet" access="permitAll"/> --> <!-- <intercept-url pattern="/pages/ReceiveFile" access="permitAll()"/> <intercept-url pattern="/pages/fileUpdate2" access="permitAll()"/> <intercept-url pattern="/pages/login" access="permitAll()" /> --> <intercept-url pattern="/pages/admin/**" access="hasRole('_admin')" /> <intercept-url pattern="/pages/trade/**" access="hasRole('_trader')" /> <intercept-url pattern="/pages/discover/**" access="hasRole('_users')" /> <!-- access denied page --> <access-denied-handler error-page="/pages/403" /> <form-login login-page="/pages/login" default-target-url="/pages/common/redirectportal" authentication-failure-url="/pages/login?error" username-parameter="username" password-parameter="password" /> <logout logout-url="/pages/logout" logout-success-url="/pages/login?logout" /> <!-- enable csrf protection --> <!-- currently off for testing... <csrf/> --> </http> <!-- Select users and user_roles from database --> <authentication-manager> <authentication-provider ref="customAuthenticationProvider"/> <!--<jdbc-user-service data-source-ref="dataSource" users-by-username-query= "select email,pwhash, enabled from users where email=?" authorities-by-username-query= "select email, groupname from usergroups where email =? " /> </authentication-provider> --> </authentication-manager> </beans:beans>
+5
source share
2 answers

It looks like you defined two instances of springSecurityFilterChain : once in SecurityConfig.java and once in spring-security.xml . You only need one of these files.

The filter line in web.xml tells the server (Tomcat) to load this filter, but an instance of this filter is configured in the context of Spring. The problem is that the Spring context cannot start because you have two configurations for springSecurityFilterChain . Take one and you will make progress.

Your configuration in the XML file seems more complete and finer, but I would recommend moving that configuration to a Java file and excluding the XML file.

As soon as you delete the duplicated configuration, you can still have errors, but you should find a solution for those who are on this site, or feel free to post a separate question!

Note. You can also get Spring to automatically register the filter chain for you, so you don't need to define it in web.xml. See here how to do it:

http://www.mkyong.com/spring-security/spring-security-hello-world-annotation-example/

However, I would recommend starting the current configuration first before throwing it into the mix.

+8
source

I think there is no exact answer to this question. In any case, sending it may help someone. Two things for the xml approach are 1. get rid of the SpringSecurityInitializer class because u uses xml and has a mapping in web.xml 2. In the AppConfig file, delete @Import ({SecurityConfig.class})

If you want them both to reposition, then remove the mapping from the web.xml file and get rid of xml.

0
source

Source: https://habr.com/ru/post/1202827/

More articles:


All Articles